About TableCheck Inc.
TableCheck is a leading restaurant management platform that helps restaurants optimize their operations and enhance guest experiences. As we continue to grow and handle sensitive customer and business data, we are committed to maintaining the highest standards of security and compliance.
Position Overview
We are seeking an experienced Penetration Tester to conduct comprehensive security assessments of our web applications and cloud infrastructure. This role is critical in ensuring our compliance with ISO27001 and SOC2 standards while identifying and helping remediate security vulnerabilities before they can be exploited.
The ideal candidate will have extensive experience in web application penetration testing, particularly in large-scale environments, and the ability to communicate complex technical findings to both technical and non-technical stakeholders.
Key Responsibilities
Technical Responsibilities
- Conduct comprehensive penetration tests on web applications, APIs, and cloud infrastructure
- Perform security assessments following OWASP Testing Guide and PTES methodologies
- Identify and exploit vulnerabilities in accordance with the OWASP Top 10
- Execute both automated and manual testing techniques
- Develop proof-of-concept exploits to demonstrate vulnerability impact
- Assess AWS cloud environment security configurations
- Perform post-exploitation activities including privilege escalation and lateral movement
- Validate remediation efforts through retesting
Compliance & Reporting
- Ensure penetration testing meets ISO27001, SOC2, and other compliance requirements
- Produce comprehensive technical reports with CVSS scoring
- Create executive summaries that translate technical risks into business impact
- Provide attestation letters for compliance purposes
Communication & Collaboration
- Present findings to technical teams and management
- Provide clear, actionable remediation guidance
- Collaborate with development teams to understand application architecture
Required Qualifications
Experience
- 3+ years of hands-on penetration testing experience
- Proven track record of conducting web application penetration tests on large, complex environments
- Demonstrated experience with enterprise-scale assessments
- Prior experience with compliance-driven penetration testing (ISO27001, SOC2, and/or PCI-DSS) is preferred
Technical Skills
- Expert proficiency with web penetration testing tools including but not limited to:
  - Burp Suite Professional
  - OWASP ZAP
  - Nmap
  - Metasploit Framework
  - SQLMap
  - Custom scripting tools
- Deep understanding of the OWASP Top 10 vulnerabilities and testing methodologies
- Comprehensive knowledge of PTES (Penetration Testing Execution Standard) technical guidelines
- Strong understanding of web technologies: HTTP/HTTPS, REST APIs, JavaScript, SQL, etc.
- Experience with AWS environments including:
  - EC2, S3, RDS, Lambda
  - IAM policies and roles
  - VPC and network security
  - AWS-specific attack vectors
- Proficiency in scripting languages (Python, Bash, PowerShell, etc.)
- Knowledge of common web frameworks and their security implications
Professional Certifications (Required)
- Must hold at least ONE mid-level or senior-level penetration testing certification:
Note: Junior certifications (CEH, Security+, PenTest+, etc.) alone are NOT sufficient for this role.
Communication Skills
- Excellent technical writing skills in English for detailed pentest reports
- Outstanding non-technical writing abilities for executive summaries and business communications
- Proven ability to translate complex technical vulnerabilities into business risk language
- Strong documentation skills for creating testing methodologies and procedures
Compliance Knowledge
- Understanding of penetration testing requirements within:
  - ISO/IEC 27001:2023 framework
  - SOC2 Type I/II criteria
  - PCI-DSS requirements (preferred)
- Experience providing compliance attestation and evidence
- Knowledge of regulatory requirements affecting security testing
Preferred Qualifications
Language Skills
- Japanese language proficiency is not required, but is very welcome
Additional Technical Skills
- Knowledge of container penetration testing (Docker, Kubernetes)
- Experience with infrastructure as code (Terraform)
Additional Certifications (Nice to Have)
- OSWE (Offensive Security Web Expert)
About TableCheck
TableCheck is changing the online reservation business by connecting millions of diners around the world to the restaurants they love. We help diners make restaurant reservations, and we help merchants manage table inventory, enrich dining experiences, and visualize multi-property analytics to gain insights into restaurant performance. Our goal is to both inform and delight.
We're remote-first with an asynchronous working style, and employees spread throughout Asia and Europe work on the same team. As such, communication and documentation are in our blood. We look for and write about signals in the noise, which enables us to constantly learn and adapt, and we expect members of our teams to constantly follow up with questions and updates to keep everyone in the loop.
Our engineering team communicates in English, and so we generally don't require Japanese skills. We also welcome applicants currently outside Japan. If you want to relocate here, we can sponsor your visa. We're also open to remote candidates who do not plan to relocate.